dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #12841
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 4023: Fixed issue, report table jrxml template was not xml encoding field names
------------------------------------------------------------
revno: 4023
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2011-06-26 12:15:36 +0200
message:
Fixed issue, report table jrxml template was not xml encoding field names
added:
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/Encoder.java
modified:
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/grid/GridUtils.java
dhis-2/dhis-support/dhis-support-system/src/main/resources/grid.vm
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/encoding/velocity/EncoderVelocityContext.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/grid/GridUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/grid/GridUtils.java 2011-05-31 11:39:19 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/grid/GridUtils.java 2011-06-26 10:15:36 +0000
@@ -67,6 +67,7 @@
import org.hisp.dhis.common.Grid;
import org.hisp.dhis.common.GridHeader;
import org.hisp.dhis.system.util.CodecUtils;
+import org.hisp.dhis.system.util.Encoder;
import org.hisp.dhis.system.util.MathUtils;
import org.hisp.dhis.system.util.StreamUtils;
@@ -91,7 +92,10 @@
private static final WritableCellFormat XLS_FORMAT_TEXT = new WritableCellFormat( new WritableFont( WritableFont.ARIAL,
11, WritableFont.NO_BOLD, false ) );
+ private static final Encoder ENCODER = new Encoder();
+
private static final String KEY_GRID = "grid";
+ private static final String KEY_ENCODER = "encoder";
private static final String TEMPLATE = "grid.vm";
private static final String RESOURCE_LOADER_NAME = "class";
@@ -317,6 +321,7 @@
final VelocityContext context = new VelocityContext();
context.put( KEY_GRID, grid );
+ context.put( KEY_ENCODER, ENCODER );
velocity.getTemplate( TEMPLATE ).merge( context, writer );
}
=== added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/Encoder.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/Encoder.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/Encoder.java 2011-06-26 10:15:36 +0000
@@ -0,0 +1,71 @@
+package org.hisp.dhis.system.util;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+/**
+ * @author Lars Helge Overland
+ */
+public class Encoder
+{
+ public String htmlEncode( Object object )
+ {
+ return object != null ? StringEscapeUtils.escapeHtml( String.valueOf( object ) ) : null;
+ }
+
+ public String htmlEncode( String object )
+ {
+ return StringEscapeUtils.escapeHtml( object );
+ }
+
+ public String xmlEncode( String object )
+ {
+ return StringEscapeUtils.escapeXml( object );
+ }
+
+ public String jsEncode( String object )
+ {
+ return StringEscapeUtils.escapeJavaScript( object );
+ }
+
+ /**
+ * Assumes " is used as quote char and not used inside values and does
+ * not escape '.
+ */
+ public String jsonEncode( String object )
+ {
+ return StringEscapeUtils.escapeJava( object );
+ }
+
+ @Deprecated
+ public String jsEscape( String object, String quoteChar )
+ {
+ return jsEncode( object );
+ }
+}
\ No newline at end of file
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/resources/grid.vm'
--- dhis-2/dhis-support/dhis-support-system/src/main/resources/grid.vm 2011-03-31 11:10:04 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/resources/grid.vm 2011-06-26 10:15:36 +0000
@@ -2,7 +2,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd"; name="dpt" pageWidth="595" pageHeight="842" columnWidth="555" leftMargin="20" rightMargin="20" topMargin="20" bottomMargin="20">
#foreach( $header in $grid.getHeaders() )
- <field name="${header.column}" class="${header.type}"/>
+ <field name="${encoder.xmlEncode( ${header.column} )}" class="${header.type}"/>
#end
<background>
<band splitType="Stretch"/>
@@ -14,7 +14,7 @@
<textElement textAlignment="Center">
<font size="24"/>
</textElement>
- <text><![CDATA[${grid.title}]]></text>
+ <text><![CDATA[${encoder.xmlEncode( ${grid.title} )}]]></text>
</staticText>
<textField>
<reportElement x="12" y="67" width="253" height="20"/>
@@ -51,9 +51,9 @@
#foreach( $header in $grid.getHeaders() )
#if ( !$header.meta )
<categorySeries>
- <seriesExpression><![CDATA["${header.name}"]]></seriesExpression>
+ <seriesExpression><![CDATA["${encoder.xmlEncode( ${header.name} )}"]]></seriesExpression>
<categoryExpression><![CDATA[""]]></categoryExpression>
- <valueExpression><![CDATA[${dollar}F{${header.column}}]]></valueExpression>
+ <valueExpression><![CDATA[${dollar}F{${encoder.xmlEncode( ${header.column} )}}]]></valueExpression>
</categorySeries>
#end
#end
@@ -90,7 +90,7 @@
<textElement #if( !$header.meta )textAlignment="Center"#end>
<font size="10" isBold="true"/>
</textElement>
- <text><![CDATA[${header.name}]]></text>
+ <text><![CDATA[${encoder.xmlEncode( ${header.name} )}]]></text>
</staticText>
#set( $x = ( $x + $offset ) )
#end
@@ -109,7 +109,7 @@
<textElement #if( !$header.meta )textAlignment="Center"#end>
<font size="9"/>
</textElement>
- <textFieldExpression class="${header.type}"><![CDATA[${dollar}F{${header.column}}]]></textFieldExpression>
+ <textFieldExpression class="${header.type}"><![CDATA[${dollar}F{${encoder.xmlEncode( ${header.column} )}}]]></textFieldExpression>
</textField>
#set( $x = ( $x + $offset ) )
#end
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/encoding/velocity/EncoderVelocityContext.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/encoding/velocity/EncoderVelocityContext.java 2011-02-23 14:27:49 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/encoding/velocity/EncoderVelocityContext.java 2011-06-26 10:15:36 +0000
@@ -28,8 +28,7 @@
*/
import org.apache.velocity.VelocityContext;
-
-import org.apache.commons.lang.StringEscapeUtils;
+import org.hisp.dhis.system.util.Encoder;
/**
* @author Torgeir Lorange Ostby
@@ -63,46 +62,4 @@
{
return KEY.equals( key ) || super.containsKey( key );
}
-
- // -------------------------------------------------------------------------
- // Encoder class
- // -------------------------------------------------------------------------
-
- public static class Encoder
- {
- public String htmlEncode( Object object )
- {
- return object != null ? StringEscapeUtils.escapeHtml( String.valueOf( object ) ) : null;
- }
-
- public String htmlEncode( String object )
- {
- return StringEscapeUtils.escapeHtml( object );
- }
-
- public String xmlEncode( String object )
- {
- return StringEscapeUtils.escapeXml( object );
- }
-
- public String jsEncode( String object )
- {
- return StringEscapeUtils.escapeJavaScript( object );
- }
-
- /**
- * Assumes " is used as quote char and not used inside values and does
- * not escape '.
- */
- public String jsonEncode( String object )
- {
- return StringEscapeUtils.escapeJava( object );
- }
-
- @Deprecated
- public String jsEscape( String object, String quoteChar )
- {
- return jsEncode( object );
- }
- }
}
